U.S. companies supply eavesdropping gear to Central Asian autocrats

Introduction

American companies are supplying technology that the governments of Kazakhstan and Uzbekistan are using to spy on their citizens’ communications and clamp down on dissent, according to a new report from the U.K.-based advocacy group Privacy International.

Verint Systems, a manufacturer of surveillance systems headquartered in Melville, N.Y., has sold software and hardware to Kazakhstan and Uzbekistan that is capable of mass interception of telephone, mobile, and Internet networks, the group alleged in its Nov. 20 report. It also provided the training and technical support needed to run them, the report said.

Verint, which claims customers in 180 nations, in turn sought decryption technology made by a firm in California, Netronome, as it helped the Uzbek government attempt to crack the encryption used by Gmail, Facebook, and other popular sites, according to the report.

The report’s overall message is that countries in Central Asia — including also Turkmenistan and Kyrgyzstan — regarded as among the world’s most autocratic are getting Western help to install, on a much smaller scale, some of the same advanced mass interception techniques that Edward Snowden revealed are used by the National Security Agency.

Those acquisitions have been facilitated in part by loose export controls over surveillance technology. To be subject to U.S. export restrictions, products must appear on a Commerce Department control list — and the key components of the surveillance products described in the Privacy International report do not appear to be on those lists, according to report co-author Edin Omanovic.

Products that can lay the foundation for mass surveillance are not restricted by special export controls if they are sold in an off-the-shelf, unaltered state, according to Eva Galperin, a global policy analyst at the Electronic Frontier Foundation, a non-profit digital rights foundation.

While many of the group’s sources are not listed in the report, and its claims therefore cannot all be confirmed, the report says that staff members interviewed activists in the region who recounted that transcripts of their private communications were used to convict and imprison them on charges of conspiracy.

Recent U.S. State Department reports for Kazakhstan and Uzbekistan describe a pattern of state-sponsored torture, inhumane treatment of prisoners, arbitrary arrest, and limited civil liberties in both countries. The State Department’s report on Uzbekistan specifically accused authorities there of detaining and prosecuting activists and journalists for politically motivated reasons. In the Kazakhstan report, “severe limits on citizens’ rights to change their government” was listed as a significant human rights problem.

Kathleen Sowers, an assistant to the general manager of Verint Systems, said in a telephone conversation on Nov. 20 that all of the company’s senior personnel were traveling and could not be reached for comment. Netronome spokeswoman Jennifer Mendola said in an email that the company had “no information on the matter” described in the Privacy International report. The company complies with all applicable laws of the United States and every other jurisdiction in which it operates, and “does not condone any violation of human rights or personal privacy,” she added.

March 17, 2017

November 10, 2016

Privacy International, a 24-year-old registered charity in the United Kingdom, publishes investigations and studies about digital privacy. It has challenged the legality of Britain’s spy agency using information obtained from the U.S. National Security Agency’s PRISM surveillance program to conduct mass surveillance of British citizens.

Several of the firms alleged to have exported snooping gear to the region have Israeli connections. Verint’s exports, for example, were dispatched by its Israeli subsidiary, according to the report. According to Omanovic, multiple sources had told his group that the transfers had been approved by the Israeli government. Israel and Kazakhstan signed an agreement for defense trade and cooperation at the beginning of 2014. A spokesman at the Israeli embassy in Washington did not have any immediate comment.

The report also said the Israeli firm NICE Systems has supplied monitoring systems with mass surveillance capabilities to the Kazakh and Uzbek regimes. Erik Snyder, NICE’s director of Corporate Communications, told the group in response that NICE provides law enforcement agencies and intelligence organizations with solutions for lawful communication interception, collection, processing, and analysis, but that it “does not operate these systems, and has no access to the information gathered.”

Some of the U.S. companies named in the report allegedly provided the Central Asian governments with technology that has less controversial purposes. Sunnyvale, Ca.-based Juniper Networks manufactured broadband equipment that Kazakhstan has been using to transmit data, according to the report, and a surveillance system that actively monitors internet users is now operating from that equipment. But the report makes no claim about Juniper’s complicity in surveillance. Juniper spokeswoman Danielle Hamel said she would look into the claim but then did not respond further.

The sole international agreement that includes regulations for the export of mass surveillance technologies — known as the Wassenaar arrangement — is non-binding on its 41 signatories. Israel is not a signatory, but says it uses Wassenaar’s control list as a guide, according to Privacy International’s Omanovic.

In October 2014, the European Commission amended its export controls to impose extra licensing requirements on monitoring and interception technologies. But the U.S. has not enacted its own controls on such exports.

Rep. Chris Smith, R-N.J., has introduced several versions of a bill entitled “The Global Online Freedom Act,” meant to “prevent United States businesses from cooperating with repressive governments in transforming the Internet into a tool of censorship and surveillance.” But he has not been able to get the bill approved even by the subcommittee on Africa, Global Health, Global Human Rights and International Organizations that he chairs.